Re: Is _your_ Netscape under remote control

[ley () cert dfn de (Wolfgang Ley)]

-----BEGIN PGP SIGNED MESSAGE-----

Dave Horsfall wrote:
> Anyone know whether any versions of Mosaic are susceptible?  I don't use
> Netscrape...

Mosaic (at least the Unix version of NCSA) has two different remote control
protocols:
1) via a TCP/IP connection to a port specified by the user:
   This CCI (Common Client Interface) is diabled by default, but the user
   is able to activate it (via option, menu or resources). The user has
   to specify a port number to use for remote control.
   There is no access control - so if you activate it everyone can
   connect to the Mosaic process and remote control it.
   See also:
   http://www.ncsa.uiuc.edu/SDG/Software/XMosaic/CCI/cci-spec.html

2) via signal handling and a local file:
   If you send a USR1 signal to the running Mosaic it tries to read
   commands from /tmp/Mosaic.<pid>
   Sending a USR1 signal to the process should only be possible by the
   use running the browser, so this is better than the CCI stuff.
   This is enabled by default (and can't be switched off).
   See also:
   http://www.ncsa.uiuc.edu/SDG/Software/XMosaic/remote-control.html

Bye,
  Wolfgang Ley.
- --
Wolfgang Ley, DFN-CERT, Vogt-Koelln-Str. 30, 22527 Hamburg,    Germany
Email: ley () cert dfn de   Phone: +49 40 54715-262 Fax: +49 40 54715-241
PGP-Key available via finger ley () ftp cert dfn de any key-server or via
WWW from http://www.cert.dfn.de/~ley/               ...have a nice day

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMamsCQQmfXmOCknRAQHY+gP/TJA+fABmeh30me+H5gBnNjMc7labALdf
IWPCnHf3aUUQPDAMknuLZUEaV4m1Sto0hSvqfhT8IzC5kWSedrS9glOOuEyYbSb3
iyM/b3h9+0dkFde+s3YRpN3RP1+tqtIubWlTVbB8YtZULPWULz2a3k4JSZEJd4RR
dZl4C6t/2Oo=
=paAR
-----END PGP SIGNATURE-----